-----BEGIN PGP SIGNATURE-----
Version: ProtonMail
wrsEARYKAG0FgmmZXmEJEMDMguN5zIrpRRQAAAAAABwAIHNhbHRAbm90YXRp
b25zLm9wZW5wZ3Bqcy5vcmc1MUXc8yX0p5ddzvGax6A8KlqExCYIbuvfjTbI
C1tBphYhBIvRXcwsmIWogGzmosDMguN5zIrpAABG4gEAtSLoJNZvWQ55Muvc
AMeye8yD3McMkc9g71grY64LAzgBAL5x/HzMfWJXHSm4DIganKlvKg9lM8I2
XMNZEZirDQoP
=pjT9
-----END PGP SIGNATURE-----
On Friday, February 20th, 2026 at 21:29, Samuel <armemulasagna@gmail.com> wrote:
> sha256 hash (file ends with newline):
> SHA256 (pwgenerator) = 740470dc3ea3911a19c7165d3439136ff8fb180a7f65ad31c6086a91957b77e4
>
> contents:
> #!/bin/ksh
> # pwgenerator: build a random password from printable ASCII (codes 32..126)
> # that is at least LENGTH characters long and contains at least one upper-case
> # letter, lower-case letter, digit and space/punctuation character.
> # On a terminal the password is shown as a read prompt and then erased;
> # otherwise it is written to stdout followed by a newline.
> # NOTE(review): these "#" review comments are not part of the file whose
> # SHA256 is quoted above; strip them before comparing hashes.
>
> set -e
> # On any failing command, report the line number and exit status on stderr.
> trap 'error=$?; if (($error)); then print -ru2 -- "$0: line $LINENO: $error"; fi' ERR
>
> # Interactive use: clear the screen and put the cursor at row 0, column 0.
> if [ -t 1 ]; then
> tput clear || exit 1
> tput cup 0 0 || exit 1
> tput el || exit 1
> fi
>
> # LENGTH is the minimum number of characters; VARIATION is how many extra
> # characters beyond LENGTH are accepted (see the until test below).
> LENGTH=20
> VARIATION=4
> set -A P
> set -A Q
> while :; do
> # Read 4 bytes from /dev/random, one decimal value (0..255) per line.
> for i in $(dd if=/dev/random bs=4 count=1 2>/dev/null |
> hexdump -e '/1 "%u\n"')
> do
> # Rejection sampling: bytes >= 190 are dropped so that i%95 is unbiased
> # (190 = 2*95). The value is mapped to code 32..126 through an octal escape.
> ((i<190)) && P[${#P[@]}]="$(
> printf '%b' "\\$(printf %o "$((i%95+32))")"
> )"
> done
> l=${#P[@]}
> if ((l >= LENGTH)); then
> # One character per line, so grep -c counts characters of each class.
> # "|| true" keeps set -e/ERR quiet when grep finds nothing (exit status 1).
> nu=$(printf '%s\n' "${P[@]}" | grep -c '[[:upper:]]' || true)
> nl=$(printf '%s\n' "${P[@]}" | grep -c '[[:lower:]]' || true)
> nd=$(printf '%s\n' "${P[@]}" | grep -c '[[:digit:]]' || true)
> nx=$(printf '%s\n' "${P[@]}" | grep -c '[ [:punct:]]' || true)
> # A class is missing: keep P as it is and collect more random bytes.
> # P can therefore grow past LENGTH+VARIATION, which is what the loop
> # below is meant to trim.
> ((nu*nl*nd*nx)) || continue
> until ((l-LENGTH <= VARIATION)); do
> # sum of chars. - types of chars. >= ...
> # With LENGTH=20 and VARIATION=4 this reduces to -4 >= -24, always true.
> ((l-4 >= l-LENGTH-VARIATION)) || continue 2
> # Build a bracket expression of the classes that have a character to spare.
> # NOTE(review): rmc is appended to without being reset at the top of each
> # pass, and an rmc inherited from the environment would be used as well.
> ((nu>1)) && rmc="$rmc[:upper:]"
> ((nl>1)) && rmc="$rmc[:lower:]"
> ((nd>1)) && rmc="$rmc[:digit:]"
> # NOTE(review): this tests nu, not nx, although it adds the space/punct
> # class; looks like a copy-paste slip, confirm against the hashed file.
> ((nu>1)) && rmc="$rmc [:punct:]"
> rmc="[$rmc]"; unset Q
> # NOTE(review): as listed, this loop visits a single empty string rather
> # than the elements of P (presumably "${P[@]}" was intended, or the text
> # was altered in transit). Q then holds one empty element, P is replaced
> # by it, and the script goes on to emit an empty password with status 0.
> # Verify against the hashed file before relying on the output.
> for i in ""; do
> if [ -z "$rmc" ] ||
> ! print -r -- "$i" | grep -q "$rmc"; then
> Q[${#Q[@]}]="$i"
> else
> rmc=
> fi
> done
> # Replace P with the filtered list and recount every class.
> set -A P -- "${Q[@]}"; l=${#P[@]}
> nu=$(printf '%s\n' "${P[@]}" | grep -c '[[:upper:]]' || true)
> nl=$(printf '%s\n' "${P[@]}" | grep -c '[[:lower:]]' || true)
> nd=$(printf '%s\n' "${P[@]}" | grep -c '[[:digit:]]' || true)
> nx=$(printf '%s\n' "${P[@]}" | grep -c '[ [:punct:]]' || true)
> done
> break
> fi
> done
>
> if [ -t 1 ]; then
> # Row 0: one dot per character plus the length; row 1: the password itself,
> # shown as the prompt of a read that waits for Enter.
> jot -nb . -s '' $l; print $l
> read -r unused?"$(printf '%s' "${P[@]}")"
> # Erase rows 0 and 1 only.
> # NOTE(review): whether scrollback or a terminal log still holds the
> # password depends on the terminal; not handled here.
> tput cup 0 0; tput el
> tput cup 1 0; tput el
> else
> # Not a terminal: emit the password and a trailing newline for the consumer.
> printf '%s' "${P[@]}"; print
> fi
If you want random passwords, why not just use
openssl rand -base64 32
or
openssl rand -hex 32
What I have done in the past was create passwords with:
openssl rand -hex 60
for user accounts that are intended to only be used via ssh with ssh keys. No need to memorize them or write them down at all. That way, if I or someone else made a mistake with /etc/ssh/sshd_config and accidentally allowed ssh access via passwords, the odds of someone guessing the password within the next few billion years would be minimal.
For what it's worth, my servers all permit ssh access only via IPv6. This cuts down nearly all attempts to connect.
Eric